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Claims 

1) A method of designing a validation environment for a service implemented by 
an embedded electrical system, the method including: 

a) assigning to said service one or more user requests and system 
responses thereto; 

b) assigning to said service a behavioral automata, said behavioral automata 
fixing the allowed sequencing of said user requests and system responses; 

c) generating automatically a skeleton validation environment for said 
service, in the form of a program executable on a simulation tool, said 
sl<eleton validation environment comprising a testing automata produced from 
a traversal of said behavioral automata, a model of initial conditions, models 
of user requests, models of system response accuracy, an environmental 
model and the dataflow and control flow assembling these models together, 
said skeleton validation environment covering all user requests and resultant 
system responses of said service, and 

d) recording said skeleton validation environment In a computer readable 
memory device for use by a design validation tool. 

2) A method according to claim 1 , including assigning to each user request a 
function implementing it and assigning to each system response one or more 
functions implementing it, a dataflow of said skeleton validation environment 
being built using said functions of user request and system response. 

3) A method according to claim 2, including assigning to said service a black box 
interface, whose input and output correspond to the input and output of at 
least one of the functions implementing the service, and interfacing the output 
of said service black box with said skeleton input and said skeleton output 
with the input of said service black box and completing and correcting 
skeleton and service specification in a simulation environment to yield a 
validation result. 

4) A method according to claim 3, including outputting a validated model which 
comprises a validation environment for said service and at the same time 
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comprises a validated modei of the service. 

5) A method according any preceding claim, including substituting a model of the 
service with its software implementation. 

6) A method according any preceding claim, Including substituting a model of the 
service with its software and hardware implementation and embedding said 
validation environment on a testing platform interfaced with said hardware 
implementation. 

7) A method according to any preceding claim, Including a systematic injection of 
faults for all replicated objects in a fault tolerant system, such as a brake-by- 
wire system in a vehicle. 

8) A method according to any preceding claim, including assigning a validation 
environment for several services sharing at least one user request and mixing 
said validation environments of said service to yield a validation environment 
for the set of said services, 

9) A computer program comprising program code means for performing all of the 
steps of any one of the preceding claims when said program is run on a 
computer. 

10) A computer program product comprising program code means stored on a 
computer readable medium for performing the method of any one of claims 1 
to 8 when said program product is run on a computer. 

11) A design tool adapted for the validation of a system design, said design tool 
being arranged in use to output a validation environment for and embedded 
electrical system by using a method according to any one of claims 1 to 8, or 
through being programmed using a computer program according to claim 9. 



